A 3rd party library is a collection of code provided by an external vendor. In software development is the use of 3rd party libraries normal and widespread. There is a large number of libraries available for different purposes. The use of consolidated code, that these libraries contain, can simplify and accelerate the software development. In the context of VCF Automation the PowerShell, Node.js and Python runtime environment make it very easy to create and use packages with these kind of libraries. However, I have not been able to find any sources on the aspect of using 3rd party libraries with the JavaScript runtime environment, which bases on the Rhino Engine. Reason enough to take a look at it
Use JavaScript 3rd Party Libraries,
with LINQ as an Example
As an example I take the
JavaScript library LINQ by Mihai Ciuraru. This is a JavaScript implementation of the .NET LINQ library. It contains all the methods plus a few additions, it is written in pure JavaScript with no dependencies and it is under the MIT license.
LINQ (Language-Integrated Query) itself defines a set of standard query operators that allow e.g. filter or projection operations to be expressed in a direct but declarative way. A very good approach to create powerful and at the same time more understandable queries.
Some limitations have to be accepted, nothing that sets the world on fire but good to know:
- Rhino supports arrow functions since version 1.7.8, the older version supports only regular functions. The version 1.7R4 is used in VCF Automation until release 8.16.2. This is important to know because many examples are coded with arrow functions.
- The LINQ library supports lambda syntax (dot notation) and not query expression.
To use LINQ with JavaScript runtime environment it is necessary to modify the source code of linq.js to the conditions of the Rhino engine:
- Rhino does not support variable declaration with let and const, therefore these must be replaced by var.
- Rhino does not support export declaration, therefore the line export default Enumerable; at the end must be deleted.
- Rhino has no console window, therefore it is recommended to replace the code sequences if (typeof console !== Types.Undefined) { console.log(...); } with System.log(...).
After these preparations, the LINQ library can be used as an action in VCF Automation. You can find a
Rhino prepared version at my LINQ fork in GitHub. All you have to do, is to adjust the lines of code that contain java.lang.System.out.println with System.log and to embed the library in your VCF Automation according to your calling conventions.
LINQ |
JS |
result = data.orderBy(
function(item) {
return item.name;
}
); |
result = data.sort(
function (item1, item2) {
return item1.name > item2.name ? 1 : -1;
}
); |
result = data.orderByDescending(
function(item) {
return item.name;
}
); |
result = data.sort(
function (item1, item2) {
return item1.name < item2.name ? 1 : -1;
}
); |
result = data.sum(
function(item) {
return item.id;
}
); |
result = data.map(
function(item) { return item.id; }
).reduce(
function(item1, item2) { return item1 + item2 }
); |
You can find more examples in the LINQ JavaScript test file in
my fork of the project.
Security Aspects
JavaScript is a very liberal programming language, to make it easy for beginners to program with it. It was created by Netscape in 1995, to allow programming web pages in the Navigator browser front-end. It follows from this approach, that security perspectives are often browser-related and focus on Internet use of web applications. But in the context of VCF Automation the Rhino JavaScript Engine is used. It is an implementation of JavaScript in Java in the back-end. This eliminates many of the common attack vectors, e.g. like cross-site scripting (XSS). Therewith is the focus on vulnerabilities based on the code and the open-source software (OSS) base. A good start to check the code is
JSHint, a tool that detects errors and potential problems in JavaScript. Furthermore the code in a Git project can be scanned for security vulnerabilities by using
Snyk, which is specialized in OSS. Fork or download the project and check it. Last but not least, in the
Common Vulnerabilities and Exposures (CVE) database can also be searched. With Snyk and in the CVE Db I have found nothing, only marginal warnings are shown by JSHint.
Conclusion
As we can see, in general the use of 3rd party libraries is also possible with the JavaScript runtime environment. However, possible adjustments may be required, as we have seen in this example. If too many or more complex adjustments are necessary, do not implement the library on this way, then the Node.js runtime environment should preferably be used. But, if it is possible, this approach can also be used, because it has the charm that we do not have to leave the runtime environment. This is accompanied by performance gains and lower resource consumption, than when another runtime environment is invoked in the context of an JavaScript action. LINQ in particular offers great possibilities to formulate queries more simply and above all more understandably. The use of LINQ offers therewith interesting approaches.